Family: Web Servers --> Category: infos
Apache mod_access rule bypass Vulnerability Scan
Vulnerability Scan Summary: Checks for Apache mod_access Rule Bypass Vulnerability
Detailed Explanation for this Vulnerability Test
The target is running an Apache web server that may not properly handle
access controls. In effect, on big-endian 64-bit platforms, Apache
fails to match allow or deny rules containing an IP address but not a
netmask.
***** Nessus has ascertained the vulnerability exists only by looking at
***** the Server header returned by the web server running on the target.
***** If the target is not a big-endian 64-bit platform, consider this a
***** false positive.
Additional information on the vulnerability can be found at:
- http://www.apacheweek.com/features/security-13
- http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
- http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
Solution: Upgrade to Apache version 1.3.31 or newer.
Threat Level: Medium